WordPress.org

Català

Aconseguiu el WordPress
WordPress.org

Plugin Directory

NETSENSAI Shield

NETSENSAI Shield

Per Rafal Gierlicki
Baixa

Descripció

NETSENSAI Shield offers a range of security features, including:

  • Changing the login URL to reduce brute force attack risks.
  • Disabling the REST API (WP API JSON) for non-logged-in users.
  • Disabling XML-RPC to prevent unauthorized access.
  • Disabling the WordPress file editor to avoid accidental or malicious changes.
  • Disabling Application Passwords to block unauthorized API access.
  • Applying advanced HTTP security headers (e.g., HSTS, X-Frame-Options, Content-Security-Policy).
  • Integration with W3 Total Cache:
    • Permanently disable .htaccess writes by W3TC
    • Runtime disabling of Page Cache UI
    • One-time full cache flush on first admin page load
    • Automatic cache flush on Secure Options save
    • Physical cleanup and permanent disable via the W3TC API
  • Suppression of Site Health REST API availability notices for non-logged-in users (removes false Site Health errors while maintaining full API blocking).

The free version provides both core and advanced Level 3 security functionalities. A PRO version offers extended support, additional features, and automatic protection enhancements.

Instal·lació

  1. Download NETSENSAI Shield from the WordPress.org repository or upload the plugin files to /wp-content/plugins/netsensai-shield/.
  2. Activate the plugin on the WordPress Admin Dashboard under Plugins.
  3. Navigate to Settings > Secure Options and configure as needed.

PMF

How do I change the WordPress login URL?

Go to Settings > Secure Options and enter your preferred path in the Change Login URL field.

How does disabling WP API JSON improve security?

It reduces exposure of your site’s data via the REST API for non-logged-in users.

Why disable XML-RPC?

Disabling XML-RPC helps protect against brute force attacks targeting that protocol.

What is the effect of disabling the file editor?

It prevents code modifications via the dashboard, reducing the risk of malicious changes.

What headers are included in Level 3 security?

The plugin can apply:
* Strict-Transport-Security (HSTS)
* X-Frame-Options
* X-Content-Type-Options
* Content-Security-Policy (CSP)
* Referrer-Policy
* Permissions-Policy

How does the W3 Total Cache integration work?

On activation or settings save, NETSENSAI Shield clears the W3TC cache, disables the Page Cache UI to prevent conflicts, and blocks future .htaccess writes by W3TC.

How does suppression of the Site Health REST API notice work?

The plugin removes the default REST API availability test in Site Health for guest users, while still enforcing your REST API blocking settings.

Ressenyes

Amazing wordpress security plugin

12 de maig de 2025
Why I Chose Netsensai Shield. I’ve tested popular WordPress security plugins: Wordfence, and WP Solid Security (formerly iThemes Security). While each brings solid protection to the table, Netsensai Shield stood out—especially when it comes to modern web security standards. Achieved an A+ rating on SecurityHeaders.com right out of the box—no extra configuration needed. That’s a huge win for privacy-conscious and compliance-driven sites. Lightweight and fast—minimal impact on server resources. Clean, beginner-friendly interface. If you’re looking for a fast, no-fuss plugin that delivers secure headers and solid protection, Netsensai Shield is a fantastic choice—especially for small to medium-sized sites. Netsensai hits a sweet spot between performance, ease of use, and strong out-of-the-box security. PL: Jeśli szukasz szybkiej, bezproblemowej wtyczki, która zapewnia bezpieczeństwo przed najpopularniejszymi atakami i solidną ochronę dla Twojego sklepu lub strony internetowej na Wordpressie, Netsensai Shield to doskonały wybór – szczególnie dla małych i średnich stron ale nie tylko. Netsensai trafia w idealny kompromis między wydajnością, łatwością obsługi a skutecznym zabezpieczeniem już od momentu instalacji. Zero konfiguracji, tylko włączasz opcje. Dodatkowo cena bardzo atrakcyjna. Polecam

Great plugin

23 de abril de 2025
It’s a great plugin! Very easy to install and effective in its work. Got it for all my sites. I am also impressed by the support team. Very efficient and client-oriented. When approached, responded immediately in a very helpful and friendly manner.
Llegiu totes les 3 ressenyes

Col·laboradors i desenvolupadors

«NETSENSAI Shield» és programari de codi obert. La següent gent ha col·laborat en aquesta extensió.

Col·laboradors

“NETSENSAI Shield” s’ha traduït a 1 configuració regional. Gràcies als traductors per les seves aportacions.

Traduïu «NETSENSAI Shield» a la vostra llengua.

Interessats en el desenvolupament?

Navegueu pel codi, baixeu-vos el repositori SVN, o subscriviu-vos al registre de desenvolupament per fisl de subscripció RSS.

Registre de canvis

1.4.5

  • Scripts and styles now enqueue only on Settings Secure Options (hook_suffix check).
  • assets/script.js is versioned via filemtime() to bust cache on each update.
  • Removed legacy, unconditional enqueue—eliminates console errors about missing toggle IDs.
  • Streamlined admin enqueue logic into a single ns_shield_admin_enqueue_assets() function.

1.4.4

  • Fixed custom login URL in password reset flow:
    • Password reset emails now include the correct custom-slug link with full query parameters.
    • “Set new password” form action and hidden fields (login, rp_key) now function under the custom URL without 404 errors.
    • Disabled WP canonical redirects on the custom login page to preserve login/key parameters.
  • Removed all error_log() debug hooks.
  • Streamlined site_url and login_form_action filters to catch every wp-login.php occurrence.

1.4.3

  • Fixed readme parsing by removing Markdown syntax from the License URI and ensuring a plain URL.
  • Updated short description to fit 150-character limit.
  • Removed calls to error_log() flagged by Plugin Check.

1.4.2

  • Minor formatting cleanup in readme; bumped version to 1.4.2.

1.4.1

  • Compliance updates for WordPress.org (tags, description length); bumped version to 1.4.1.

1.4

  • Added integration with W3 Total Cache (cache flushing, UI disable, .htaccess protection) and hides Site Health errors related to the REST API for non-logged-in users.

1.3

  • Restored Level 3: Advanced Security features in free version. Improved popup behavior, translations added, Plugin Check compatibility enhanced.

1.2

  • Level 3 features were temporarily moved to PRO; version 1.3 restores them.

Meta

Valoracions

5 sobre 5 estrelles.

Afegeix una ressenya

Visualitzeu totes les ressenyes

Col·laboradors

Suport

Teniu quelcom a dir? Necessiteu ajuda?

Visualitza els fòrums de suport